POSTDOCs: Probalogical Optimization, Scalability, and Transfer in Dynamic Cooperating Systems
Abstract
POSTDOC enables collaborative, automated reasoning that spans symbolic and statistical systems and reasoners and applies it to cybersecurity network defense. This extends earlier work on probalogic reasoning that combines probability-based statistical learning with logic-based symbolic reasoning. Today's networked systems employ a diverse set of monitors to detect and protect critical networks from attack, including rule-based network intrusion detection systems (NIDs, e.g. SNORT) and machine-learning classifiers (ML, e.g. Gaussian anomaly detection). However, these systems tend to work in isolation and require considerable manual tuning for each deployed environment. By combining and sharing information and learning across a range of diverse sensors (sitting at diverse points in the network, monitoring a diverse set of events, employing diverse reasoning technology), the system can provide greater performance (faster response, faster adaptation, higher detection rate, lower false-positive rates) than isolated systems.

The overall system embodies a fast-slow reasoning architecture that accumulates knowledge over time, integrated from multiple sources, and uses this knowledge to develop and refine fast, approximate classifiers that monitor and classify network traffic. These classifiers are backed by slower, more accurate disambiguation to achieve high quality (low error rate) classification while operating at real-time traffic rates (potentially at multi-gigabit rates). The split between fast, approximate classifiers and accurate disambiguation is refined and adapted to the local traffic stream as part of the learning process. The primary goal of POSTDOC is to lay the research foundations for transfer learning and collaborative reasoning in the probalogical model, applied to general network defense and response.
Achieving this goal will require innovation in three main areas: a) optimization: improve both decision accuracy and throughput performance; b) scalability: ability to adapt as resources become scarce or abundant; and c) transfer: share and apply knowledge and skills previously learned by other reasoners. This effort characterizes the capabilities of both statistical and symbolic knowledge representation, identifies how we can share and transfer knowledge among diverse systems with different representations and viewpoints, and develops techniques that allow these systems to cooperate to perform distributed learning and reasoning. Collaborative, distributed reasoning addresses both scalability and performance issues as well as diverse view and actuation points in the network. Since knowledge sharing between distributed nodes on the network also consumes network resources, the effort also explores efficient knowledge exchange, including compact knowledge representations, tradeoffs in shared data size and impact on task performance, and prioritization for knowledge sharing. Furthermore, the effort explores techniques for securing the knowledge base and knowledge sharing against confidentiality, integrity, and availability attacks using modern cryptographic techniques (e.g., distributed, secure hashes; block chains).

Overall Merit and ONR Mission/Relevance: This research extends our foundational work on combining formal and statistical reasoning to provide systems that exploit the best properties of each to provide more robust and adaptive learning systems. The validation applications developed for cybersecurity network defense are expected to be adaptive and autonomous beyond the capability and intelligence of current network intrusion and prevention systems. These systems can significantly enhance the security of the Navy's networking infrastructure, which is essential to the success of Navy missions.
Document Details
- Document Type: DoD Grant Award
- Publication Date: Jul 26, 2018
- Source ID: N000141812557
Entities
People
- André DeHon
Organizations
- Office of Naval Research
- United States Navy
- University of Pennsylvania